by hsk0823 2664 days ago
There's a whole IT market segment around TLS decryption for corporate LAN. Basically corporate MITM that will decrypt TLS at the gateway / firewall, and with currently used TLS standards, will then re-encrypt the traffic back to the client so the browser thinks it has a legit connection. It's used to scan packets for intrusion detection, for malware, to track for data loss like the article talks about.

But you don't NEED to kill forward secrecy to do that. TLS 1.3 doesn't seem to be a problem for the anti-malware, IPS, or even DLP use cases. You just need to decrypt, inspect, and re-encrypt traffic at the firewall, using a CA cert trusted by your clients. The problem is lazy organizations that just want to passively collect all of the encrypted traffic and then decrypt it later at their leisure, which smells much more like surveillance than security.
Yeah, you're missing the security model.

The point is to have the decryption done on a system that is isolated from the production environment (and is consequently isolated from security compromises).

All of those require your computer to trust a new Certificate Authority or you will get warnings all over the place. If there is a company that claims to be able to do it without trusting the CA or producing warnings I would love to see it. (seriously, I actually would love to see that).

And if you are in a corporate environment using a company computer you forfeit your privacy anyway. You can always go somewhere else or do your banking and Facebook on a different machine / not on company time.

Why? If you have the private key you can decrypt TLS traffic if forward secrecy is off. Which is why forward secrecy exists, to prevent captured encrypted sessions from being decrypted out-of-band with, presumably, compromised private keys.

The issue is that TLS 1.3 deprecates the key exchange that makes this possible, essentially making (perfect) forward secrecy a requirement since the only included ciphers do so. The only way to monitor/inspect TLS traffic in this situation is to MITM the traffic rather than simply record encrypted sessions.

It's deceptive to call out-of-band MITM not MITM, it's still MITM just covert. TLSv1.3 forcing it to become glaringly obvious is exactly what should be happening.
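Added example (mine, not part of the thread): a toy model of the difference the comment above describes. With static RSA key exchange the premaster secret travels on the wire encrypted to the server's long-term key, so a passive recorder who later obtains that private key can recover every session key; with ephemeral DH the exponents never leave either endpoint, so the same private key is useless against the capture. Everything here is constructed for illustration and is not TLS: textbook RSA without padding over freshly generated primes, plain finite-field DH over a made-up group instead of ECDHE, a SHA-256 hash standing in for the TLS key schedule, and a dict standing in for a packet capture.

```python
"""Toy illustration of why forward secrecy defeats passive decryption."""
import hashlib
import secrets

# --- toy number theory (Miller-Rabin), only for generating illustrative keys ---
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=16):
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Textbook RSA, far too small for real use; returns (public, private)."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:
            break
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, phi))


def toy_dh_group(bits=512):
    """Constructed group: a random prime with generator 2. NOT a safe prime, NOT secure."""
    return gen_prime(bits), 2


def derive_key(premaster, client_random, server_random):
    """Stand-in for the TLS key schedule: hash the shared secret with both nonces."""
    pm = premaster.to_bytes((premaster.bit_length() + 7) // 8, "big")
    return hashlib.sha256(pm + client_random + server_random).digest()


def static_rsa_handshake(server_pub, client_random, server_random):
    """Client picks a premaster and sends it encrypted to the server's long-term key."""
    n, e = server_pub
    premaster = secrets.randbelow(n - 2) + 2
    transcript = {  # what a passive recorder on the wire would see
        "kx": "RSA", "client_random": client_random, "server_random": server_random,
        "encrypted_premaster": pow(premaster, e, n),
    }
    return transcript, derive_key(premaster, client_random, server_random)


def dhe_handshake(group, client_random, server_random):
    """Both sides pick fresh exponents, exchange public shares, and discard the exponents."""
    p, g = group
    a = secrets.randbelow(p - 2) + 1  # server's ephemeral exponent, never transmitted
    b = secrets.randbelow(p - 2) + 1  # client's ephemeral exponent, never transmitted
    transcript = {
        "kx": "DHE", "client_random": client_random, "server_random": server_random,
        "server_share": pow(g, a, p), "client_share": pow(g, b, p), "p": p, "g": g,
    }
    premaster = pow(transcript["client_share"], a, p)  # == pow(server_share, b, p)
    return transcript, derive_key(premaster, client_random, server_random)


def passive_decrypt(transcript, server_priv):
    """What an out-of-band observer holding the server's private key can recover."""
    if transcript["kx"] == "RSA":
        n, d = server_priv
        premaster = pow(transcript["encrypted_premaster"], d, n)
        return derive_key(premaster, transcript["client_random"], transcript["server_random"])
    # DHE: the exponents were never on the wire, and the long-term key plays no part
    # in the secret; recovering it would mean solving a discrete log, so give up.
    return None


def demo():
    """Returns (rsa_session_recovered, dhe_session_recovered) for a recorded capture."""
    pub, priv = rsa_keygen()
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed nonces
    rsa_capture, rsa_key = static_rsa_handshake(pub, cr, sr)
    dhe_capture, dhe_key = dhe_handshake(toy_dh_group(), cr, sr)
    return (passive_decrypt(rsa_capture, priv) == rsa_key,
            passive_decrypt(dhe_capture, priv) == dhe_key)


if __name__ == "__main__":
    print("RSA kx recovered: %s, DHE kx recovered: %s" % demo())
```

The only thing the observer has in both cases is the transcript plus the server's private key. That is enough for the RSA capture and useless for the DHE one, which is the property TLS 1.3 makes mandatory by dropping the static RSA key exchange; the remaining option for inspection is to sit inline and terminate the connection, as the thread says.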
For client-side it does require a new CA, but for server side it does not (since you have access to all of the private keys in use). Given that banks are pushing for this standard, that would make a lot of sense.
Correct re: the root cert in my experience at least. They usually get pushed out as part of a Group Policy in Active Directory.
The original purpose was governments spying on their citizens, which is why a lot of software uses certificate pinning to block this intrusion. These MITM solutions just let through the big players’ traffic so you don’t get too much of a fuss while still retaining the ability to ‘check for malware’.